The All.Net Security Database


Organizational Issues Cross Reference
Organizational Cross Reference


Things that require that the organization works properly in order to have good effect.

Organizational structure and culture create an atmosphere that can be more or less conducive to effective information protection.

Cause/Mechanism:
  • Threat Profiles
  • Attack Methods
  • Defense Methods

Process:
  • Prevention
  • Detection
  • Reaction

Impact:
  • Integrity
  • Availability
  • Confidential
  • Use Control

Other:
  • Risk Management
  • Database Description

Domain:
  • Physical
  • Informational
  • Systemic

Sophistication:
  • Theoretical
  • Demonstrated
  • Widespread

Perspectives:
  • Management
  • Policy
  • Standards
  • Procedures
  • Documentation
  • Audit
  • Testing
  • Technical Safeguards
  • Personnel
  • Incident Handling
  • Legal
  • Physical
  • Awareness
  • Training
  • Education
  • Organization

Brekne's Mechanistic:
  • Input
  • Output
  • Storage
  • Processing
  • Transmission

Brekne's Causal:
  • Accidental
  • Malicious

Brekne's Method:
  • Leakage
  • Masquerade
  • Denial
  • Corruption
  • Usage
  • Mental

  • [Defense5 - background checks]
  • [Defense57 - change management]
  • [Defense105 - Chinese walls]
  • [Defense137 - choice of location]
  • [Defense120 - clear line of responsibility for protection]
  • [Defense58 - configuration management]
  • [Defense96 - content checking]
  • [Defense129 - democracy principle (GASSP)]
  • [Defense3 - detect waste examination]
  • [Defense118 - document and information control procedures]
  • [Defense7 - effective mandatory access control]
  • [Defense76 - effective protection mind-set]
  • [Defense21 - fault isolation]
  • [Defense6 - feeding false information]
  • [Defense39 - good hiring practices]
  • [Defense14 - human intervention after detection]
  • [Defense109 - independent control of audit information]
  • [Defense119 - individual accountability for all assets and actions]
  • [Defense74 - information flow controls]
  • [Defense116 - inspection of incoming and outgoing materials]
  • [Defense127 - integration principle (GASSP)]
  • [Defense130 - internal control principle (GASSP)]
  • [Defense79 - inventory control]
  • [Defense37 - least privilege]
  • [Defense124 - legal agreements]
  • [Defense110 - low building profile]
  • [Defense31 - misuse detection]
  • [Defense43 - multi-version programming]
  • [Defense126 - multidisciplinary principle (GASSP)]
  • [Defense98 - perception management]
  • [Defense36 - periodic reassessment]
  • [Defense15 - physical security]
  • [Defense25 - policies]
  • [Defense28 - procedures]
  • [Defense122 - protection of names of resources]
  • [Defense70 - quad-tri-multi-angulation]
  • [Defense11 - quotas]
  • [Defense16 - redundancy]
  • [Defense101 - regular review of protection measures]
  • [Defense23 - reintegration]
  • [Defense100 - retaining confidentiality of security status information]
  • [Defense140 - searches and inspections]
  • [Defense48 - security marking and/or labeling]
  • [Defense40 - separation of duties]
  • [Defense41 - separation of function]
  • [Defense133 - simplicity principle (GASSP)]
  • [Defense27 - standards]
  • [Defense128 - timeliness principle (GASSP)]
  • [Defense106 - tracking, correlation, and analysis of incident reporting and response information]
  • [Defense24 - training and awareness]
  • [Defense78 - trusted repair teams]
  • [Defense97 - trusted system technologies]
  • [Defense113 - universal use of badges]
  • [Defense2 - waste data destruction]